US12143357B2ActiveUtilityA1

Communication control apparatus and system

46
Assignee: HITACHI LTDPriority: Sep 24, 2019Filed: Jun 23, 2020Granted: Nov 12, 2024
Est. expirySep 24, 2039(~13.2 yrs left)· nominal 20-yr term from priority
H04L 12/66H04L 12/28H04L 63/0209H04L 63/0227
46
PatentIndex Score
0
Cited by
9
References
5
Claims

Abstract

Conventional security measures are generally intended for an IT system, and it has been difficult to satisfy a real-time property and availability requested to a control system. Furthermore, since a time-division type time slot communication method is not taken into consideration, such time slot communication has problems in efficient utilization of computer resources and decrease in availability. In order to solve the above-described problems, the present invention specifies a time slot from characteristics of a communication packet received by a reception unit 133 by using a time slot characteristic storage unit 130 , and selects, in accordance with the specified time slot, an inspection pattern stored in an inspection pattern storage unit 136 by using an inspection pattern selection unit 131.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A communication control apparatus for transferring a communication frame, comprising one or more memory devices having a program stored therein that, when executed by one or more processors, causes the one or more processors to:
 receive a communication frame; 
 identify a plurality of time slots for processing the communication frame; 
 identify characteristics of the plurality of time slots, wherein the characteristics of the plurality of time slots include at least a communication protocol and at least one of an intended use, and an application program that uses the communication frame; 
 identify an inspection pattern specific to each of the plurality of time slots to detect an unauthorized content, based at least in part on a priority level of the inspection pattern; 
 in response to a detection of the unauthorized content, determine a security measure to be taken against the communication frame, the security measure specific to each of the plurality of time slots and in accordance with an identified characteristic of each of the plurality of time slots; and 
 take the security measure by:
 comparing the received communication frame with the inspection pattern, and 
 changing an error checking code of the communication frame based at least in part on a result of the comparing. 
 
 
     
     
       2. The communication control apparatus according to  claim 1 , wherein the one or more processors are configured to:
 in response to an identification of one of the plurality of time slots, cause switching to the one of the plurality of time slots, and 
 specify a security measure for the one of the plurality of time slots. 
 
     
     
       3. The communication control apparatus according to  claim 1 , wherein the one or more processors are configured to:
 identify the plurality of time slots based at least in part on information included in the communication frame. 
 
     
     
       4. The communication control apparatus according to  claim 1 , wherein the one or more processors are configured to:
 extract a characteristic of the communication frame from the communication frame, and 
 specify the security measure in accordance with the extracted characteristic of the communication frame. 
 
     
     
       5. A communication system for transferring a communication frame, comprising one or more memory devices having a program stored therein that, when executed by one or more processors, causes the one or more processors to:
 receive a communication frame; 
 a plurality of time slots for processing the communication frame; 
 identify characteristics of the plurality of time slots, wherein the characteristics of the plurality of time slots include at least a communication protocol and at least one of an intended use, and an application program that uses the communication frame; 
 identify an inspection pattern specific to each of the plurality of time slots to detect an unauthorized content, based at least in part on a priority level of the inspection pattern; 
 in response to a detection of the unauthorized content, determine a security measure to be taken against the communication frame, the security measure specific to each of the plurality of time slots and in accordance with an identified characteristic of each of the plurality of time slots; and 
 take the specified security measure, by:
 comparing the received communication frame with the inspection pattern, and 
 changing an error checking code of the communication frame based at least in part on a result of the comparing.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.